For years, Bitcoin was widely associated with cryptocurrency-related crime. New industry data suggests that picture has changed astronomically, with stablecoins now accounting for the vast majority of identified illicit cryptocurrency activity.
The change of terms was accentuated by Bitcoin-focused financial services company River, which cited blockchain intelligence findings showing that Bitcoin's role in unlawful crypto transactions has declined sharply over the past several years. According to data attributed to Chainalysis, Bitcoin represented roughly 70% of illicit cryptocurrency transaction volume in 2020. By 2025, that figure had fallen to approximately 7%, while stablecoins had grown to account for around 84% of identified illicit transaction volume.
The numbers point to a drastic transformation in how cybercriminals, fraud operators, sanctioned entities, and money-laundering networks move digital funds across borders.
Why Stablecoins Are Becoming More Attractive to Criminal Networks
Unlike Bitcoin and many other cryptocurrencies, stablecoins are designed to maintain a relatively fixed value, typically by being linked to a traditional currency such as the U.S. dollar.
This stability removes one of the major risks associated with cryptocurrency transactions. A criminal group holding $1 million in Bitcoin today could see the value fluctuate significantly within days. Stablecoins largely eliminate that uncertainty, allowing illicit actors to move, store, and transfer funds without being exposed to major price swings.
Researchers say this makes stablecoins particularly useful in fraud schemes, investment scams, money-laundering operations, and cross-border transfers where predictable value is important.
The spike in acceptance of stablecoins across exchanges, payment services, and over-the-counter trading networks has also contributed to their increased use. Many stablecoins can be transferred globally within minutes while maintaining a value closely tied to fiat currency, making them practical for both legitimate and illegitimate financial activity.
Bitcoin Still Appears in Certain Criminal Operations
Despite its declining share, Bitcoin has not disappeared from the cybercrime infrastructure. It is still part of the overall pipeline in digital currency exchange.
Blockchain investigators continue to observe Bitcoin being used in ransomware attacks, darknet marketplaces, and extortion schemes. In these environments, long-established infrastructure, existing payment workflows, and familiarity among threat actors continue to support Bitcoin's use.
However, analysts note that criminal organizations are increasingly treating Bitcoin as only one option within a much larger digital financial ecosystem rather than the default cryptocurrency for illicit transactions.
Illicit Crypto Activity Continues to Soar
The change in asset preference comes as blockchain intelligence firms report increases in the overall value of illicit cryptocurrency activity.
TRM Labs recently estimated that illicit cryptocurrency flows reached approximately $158 billion in 2025, representing the highest level recorded by the company. The firm reported a sharp increase from the previous year, attributing much of the growth to sanctions-related activity, sophisticated money-laundering operations, underground financial networks, and expanded use of cryptocurrency by state-linked actors.
A large portion of these transactions involved stablecoins in the grand scheme of carrying out cyber criminal activities.
Researchers also observed that sanctions-evasion networks increasingly rely on stablecoins because of their liquidity, accessibility, and ability to move large sums through multiple jurisdictions with relative speed.
Compliance and Regulatory Pressure Expected to become more stringent
The developing concentration of illicit activity within stablecoin ecosystems is likely to intensify scrutiny from regulators and law-enforcement agencies.
Unlike decentralized cryptocurrencies, many major stablecoins are issued by identifiable companies that maintain reserve assets and have the technical ability to freeze certain wallets when required by legal authorities.
As a result, policymakers are increasingly examining how stablecoin issuers monitor suspicious transactions, respond to sanctions violations, and cooperate with criminal investigations.
Several stablecoin providers have already expanded collaboration with law enforcement agencies. Tether, the issuer of USDT, has publicly reported freezing wallets connected to suspected criminal activity, while blockchain analytics companies continue to develop tracking tools designed to identify suspicious transaction patterns across networks.
Criminal Use Remains a Small Portion of Overall Activity
Although illicit cryptocurrency volumes have risen in absolute terms, researchers caution against interpreting the data as evidence that most cryptocurrency activity is criminal.
Industry reports consistently show that unlawful transactions represent only a small fraction of total blockchain activity. Stablecoins process trillions of dollars in annual transaction volume, meaning the overwhelming majority of transactions are associated with legitimate uses such as payments, trading, remittances, and settlement activities.
Nevertheless, the latest findings draw a clearer picture into how criminal groups adapt quickly to changing financial technologies. While Bitcoin once dominated illicit cryptocurrency transactions, blockchain intelligence data now suggests that stablecoins have become the preferred vehicle for many forms of crypto-enabled financial crime due to their price stability, global accessibility, and ease of transfer.
The trend is expected to remain a driving focus for regulators, compliance teams, cryptocurrency exchanges, and law-enforcement agencies as governments continue developing rules for the rapidly expanding stablecoin sector.
